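<?php
	// Page metadata. Presumably consumed by the layout header included below (not visible here) - confirm.
	$title='Fitness forum - post message';
	$description='Fitness forum post reply';
	$keywords='fitness, muscles, training, supplements, diet, nutrition, forum';

	// The session has to be opened before the layout includes run: once they have
	// written output, PHP can no longer send the session cookie header unless
	// output buffering happens to be enabled.
	if (session_status() === PHP_SESSION_NONE) {
		session_start();
	}

	include('fns_db_forum.php');
	include('forum_utils.php');
	include('../views/layouts/_header.php');
	include('../views/layouts/_left.php');

// Reply page controller.
//   POST with Button = "Post Message": check the CAPTCHA code, store the reply,
//   then send the browser back to the thread.
//   Anything else: load the message named by ?replyTo= and render the reply form.
$button = isset($_POST['Button']) ? $_POST['Button'] : '';

switch( $button )
{
	case "Post Message":
	{
		// Normalise both codes to strings so the comparison below can be strict.
		// A loose == treats numeric-looking strings such as "0e1" and "0e2" as equal.
		$expectedCode = ( isset($_SESSION['security_code']) && is_scalar($_SESSION['security_code']) )
			? (string) $_SESSION['security_code'] : '';
		$suppliedCode = ( isset($_POST['security_code']) && is_scalar($_POST['security_code']) )
			? (string) $_POST['security_code'] : '';

		// The code is single use: it is discarded whether or not the attempt succeeds,
		// so one CAPTCHA cannot be guessed at repeatedly.
		unset($_SESSION['security_code']);

		if( $expectedCode === '' || $expectedCode !== $suppliedCode ) {
			echo 'Sorry, you have provided an invalid security code';
			break;
		}

		// The id travels from the request into the database helpers, whose query
		// construction is not visible here, so only an integer is let through.
		// NOTE(review): assumes message ids are integers - confirm against the schema.
		$replyTo = filter_var( isset($_POST['freplyto']) ? $_POST['freplyto'] : null, FILTER_VALIDATE_INT );
		if( $replyTo === false ) {
			echo 'Sorry, the message you are replying to could not be found.';
			break;
		}

		$cxn = db_connect();
		if( !$cxn ) {
			error_log('Forum reply: database connection failed');
			echo 'Error posting new message. Please try again later.';
			break;
		}

		$result = get_parent_thread($replyTo);
		$thread = $result ? mysqli_fetch_assoc( $result ) : null;
		if( !$thread ) {
			// No row for this id: nothing to attach the reply to.
			echo 'Sorry, the message you are replying to could not be found.';
			break;
		}
		$threadId = $thread['parent_thread'];

		// The author name is never taken from the request: it is the logged-in
		// user's name, or a fixed label for anonymous posters.
		if( isset($_SESSION['auth']) && $_SESSION['auth'] == "yes" && isset($_SESSION['logname']) ) {
			$author = $_SESSION['logname'];
		}
		else {
			$author = 'Unregistered User';
		}

		// Escape with the connection's own routine instead of addslashes(), which
		// does not take the connection character set into account.
		// NOTE(review): this presumes reply_to_message() interpolates its arguments
		// into SQL text; a prepared statement inside that helper is the durable fix.
		$author = mysqli_real_escape_string( $cxn, (string) $author );
		$rawBody = ( isset($_POST['FCKeditor1']) && is_string($_POST['FCKeditor1']) ) ? $_POST['FCKeditor1'] : '';
		// NOTE(review): the body is editor-produced HTML and is stored as submitted.
		// Whatever page renders it has to pass it through an allow-list HTML
		// sanitiser; that code is not part of this file.
		$messageBody = mysqli_real_escape_string( $cxn, $rawBody );

		$result = reply_to_message($threadId, $replyTo, $author, $messageBody);
		if( $result == 0 ) {
			// Driver error text goes to the server log, not into the page: it can
			// reveal schema details and echo back request data.
			error_log('Forum reply: insert failed: '.mysqli_error($cxn));
			echo 'Error posting new message. Please try again later.';
			break;
		}

		$result = update_thread_after_adding_message($threadId);
		if( $result == 0 ) {
			// As before, nothing is shown to the user here; the failure is now logged.
			error_log('Forum reply: thread update failed: '.mysqli_error($cxn));
			break;
		}

		// The thread id is a database value; encode it for the URL and then for
		// the HTML attribute it is written into.
		$threadUrl = 'view_thread.php?threadID='.urlencode( (string) $threadId );
		echo '<meta http-equiv="Refresh" content="2;url='.htmlspecialchars($threadUrl, ENT_QUOTES, 'UTF-8').'"/>';
		echo "<b>Your message has been posted. In a moment you will be automatically returned to the thread.</b>";
		break;
	}
	default:
	{
		// Same integer-only rule as above; the value is also handed to the form
		// templates through $freplyto.
		$freplyto = filter_var( isset($_GET['replyTo']) ? $_GET['replyTo'] : null, FILTER_VALIDATE_INT );
		if( $freplyto === false ) {
			echo 'Sorry, the message you are replying to could not be found.';
			break;
		}

		$result = get_message_details($freplyto);
		$message = $result ? mysqli_fetch_assoc( $result ) : null;
		if( !$message ) {
			echo 'Sorry, the message you are replying to could not be found.';
			break;
		}

		// The original script replaced $_POST with the fetched row. That is kept
		// because the included templates may read it - TODO confirm and remove.
		$_POST = $message;
		// NOTE(review): $fresponse and $fsubject hold stored forum content; the
		// templates included below must escape them for the context they print into.
		$fresponse = $message['body'];
		$fsubject = $message['subject'];
		$body = "";
		$author = "";
		include("reply_fields.php");
		include( "message_form.php" );
		break;
	}
}

include('../views/layouts/_footer.php');
?>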
